Dirty COW Vulnerability (CVE-2016-5195)

Spectracom products running LINUX are only susceptible if an attacker is able to successfully authenticate with the product and gain shell access. This Linux vulnerability can only be exploited if an attacker is able to successfully authenticate with the product and gain shell access. We eliminated the vulnerability in the 5.7.0 release for SecureSync and NetClock 9400.

July 11, 2017

Affected Products:

NetClock

SecureSync

Enterprise

LMR

PTP

SAASM

SecureSync Option

SecureSync-Platform

Skylight

VelaSync

VersaSync

Spectracom products running LINUX are only susceptible if an attacker is able to successfully authenticate with the product and gain shell access. This Linux vulnerability can only be exploited if an attacker is able to successfully authenticate with the product and gain shell access. We eliminated the vulnerability in the 5.7.0 release for SecureSync and NetClock 9400.

Spectracom products are only susceptible if an attacker can successfully login to the product through SSH/Telnet. They would then be able to exploit the vulnerability which will allow them to gain root access to the device.

Products Affected:

SecureSync

NetClock

VelaSync

VersaSync

Description of the Vulnerability
The Dirty COW vulnerability has been present in Linux kernels for roughly the past nine years.

This vulnerability can be exploited by attackers that have gained shell access to a Linux device. Once an attacker has access to the shell of the device they can elevate themselves to gain root access on the device.

Risk Analysis and Recommendation
Spectracom products utilize a variety of authentication mechanisms to mitigate unauthorized users from gaining access to the network time server products. Spectracom recommends using username and password best practices on all accounts. These best practices include ensuring default passwords are changed, and configuring password rules/aging on the device. Additional centralized authentication mechanisms, such as LDAP and/or RADIUS can be utilized as well.

If username and password best practices are used this will mitigate risk of an external attacker exploiting the Dirty COW vulnerability.

A fix for this vulnerability was implemented in June 2017 with the 5.7.0 SW release as part of a Linux Kernel update.